summaryrefslogtreecommitdiff
path: root/pkg/spec/spec.go
Commit message (Collapse)AuthorAge
* podman: allow to specify the PID namespace to joinGiuseppe Scrivano2018-07-24
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* podman: allow to specify the userns to joinGiuseppe Scrivano2018-07-24
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* network: support ns: prefix to join existing namespaceGiuseppe Scrivano2018-07-24
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* spec: allow container:NAME network modeGiuseppe Scrivano2018-07-24
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* Support multiple networksbaude2018-07-12
| | | | | | | | | | | | | This is a refresh of Dan William's PR #974 with a rebase and proper vendoring of ocicni and containernetworking/cni. It adds the ability to define multiple networks as so: podman run --network=net1,net2,foobar ... Signed-off-by: baude <bbaude@redhat.com> Closes: #1082 Approved by: baude
* Add --volumes-from flag to podman run and createumohnani82018-07-09
| | | | | | | | | | podman now supports --volumes-from flag, which allows users to add all the volumes an existing container has to a new one. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #931 Approved by: mheon
* Mask /proc/keys to protect information leak about keys on hostDaniel J Walsh2018-07-08
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1060 Approved by: mheon
* Block use of /proc/acpi from inside containersDaniel J Walsh2018-07-06
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1053 Approved by: mheon
* changes to allow for darwin compilationbaude2018-06-29
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1015 Approved by: baude
* Start using github.com/seccomp/containers-golangDaniel J Walsh2018-06-29
| | | | | | | | | User newer seccomp bindings from the seccomp upstream Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1021 Approved by: giuseppe
* *: Replace Generator.Spec() with Generator.ConfigW. Trevor King2018-06-27
| | | | | | | | | | | | Catching up with opencontainers/runtime-tools@84a62c6a (generate: Move Generator.spec to Generator.Config, 2016-11-06, #266, v0.6.0), now that we've bumped runtime-tools in f6c0fc1a (Vendor in latest runtime-tools, 2018-06-26, #1007). Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1008 Approved by: mheon
* generator.New() requires an OS string input variablebaude2018-06-27
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1007 Approved by: baude
* rootless: add management for the userNSGiuseppe Scrivano2018-06-27
| | | | | | | | | | When running podman as non root user always create an userNS and let the OCI runtime use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* spec: remove dead codeGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* oci: do not set resources in rootless modeGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* spec: change mount options for /dev/pts in rootless modeGiuseppe Scrivano2018-06-15
| | | | | | | | | | The default /dev/pts has the option gid=5 that might not be mapped in the rootless case. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* When setting a memory limit, also set a swap limitMatthew Heon2018-06-15
| | | | | | | | | Closes #940 Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #946 Approved by: rhatdan
* Add flag to add annotations to a containerMatthew Heon2018-06-04
| | | | | | | | | | Also add annotations from the image the container was created from. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #886 Approved by: rhatdan
* Clear all caps, except the bounding set, when --user is specified.Daniel J Walsh2018-05-31
| | | | | | | | | | | | Currently we are giving all caps to users when running with podman run --user, They should get none by default. If the command line includes --cap-add, then we need to run with those capabilties. Similarly we need to drop caps from bounding set, if user specifies --cap-drop Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #851 Approved by: mheon
* podman create, start, getattachsocketbaude2018-05-21
First pass at implement API endpoints for create and start. Signed-off-by: baude <bbaude@redhat.com> Closes: #805 Approved by: baude